ShipSecure

Overview

AI-powered security code review for GitHub & GitLab

Radar is an AI-powered code reviewer that analyzes pull requests and merge requests for security vulnerabilities, logic bugs, and other issues — then posts findings as inline comments.

Because it uses an LLM (not pattern matching), it understands application logic and can catch issues that static scanners miss: broken auth checks, race conditions, incorrect business logic, and more.

It runs as a self-hosted service — a webhook gateway and a worker that processes jobs from a Redis queue. When a PR is opened or updated, Radar analyzes the diff and comments directly on the problematic lines.

How it works

  1. A webhook fires when a PR/MR is opened or updated
  2. The gateway validates the webhook and enqueues a scan job
  3. The worker fetches the diff and runs a LangGraph agent against each changed file
  4. A synthesis step performs cross-file analysis for issues that span multiple files
  5. Findings are posted as inline review comments

Supported platforms

AI providers

Radar supports Anthropic (default) and OpenAI as backends. See AI Providers for configuration.

Architecture

apps/
├── gateway/          Express API — webhook ingestion
└── worker/           BullMQ processor — runs the agent

packages/
├── agent/            LangGraph security analysis agent
├── jobs/             Job queue types and utilities
├── logger/           Structured logging (pino)
├── typescript-config/
└── eslint-config/
